xref: /netbsd-src/external/bsd/ipf/dist/rules/ftp-proxy (revision bc4097aacfdd9307c19b7947c13c6ad6982527a9)

How to setup FTP proxying using the built in proxy code.
========================================================

NOTE: Currently, the built-in FTP proxy is only available for use with NAT
      (i.e. only if you're already using "map" rules with ipnat).  It does
      support null-NAT mappings, that is, using the proxy without changing
      the addresses.

Lets assume your network diagram looks something like this:


[host A]
   |a
---+-------------+----------
                 |b
             [host B]
                 |c
---+-------------+----------
   |d
[host C]

and IP Filter is running on host B.  If you want to proxy FTP from A to C
then you would do:

map int-c ipaddr-a/32 -> ip-addr-c-net/32 proxy port ftp ftp/tcp

int-c = name of "interface c"
ipaddr-a = ip# of interface a
ipaddr-c-net = another ip# on the C-network (usually not the same as the
interface).

e.g., if host A was 10.1.1.1, host B had two network interfaces ed0 and vx0
which had IP#'s 10.1.1.2 and 203.45.67.89 respectively, and host C was
203.45.67.90, you would do:

map vx0 10.1.1.1/32 -> 203.45.67.91/32 proxy port ftp ftp/tcp

where:
ipaddr-a = 10.1.1.1
int-c = vx0
ipaddr-c-net = 203.45.67.91

The "map" rule for this proxy should precede any other NAT rules you are
using.